Method and apparatus for protecting cordless telephone account authentication information

ABSTRACT

The present invention provides an apparatus for use in a telecommunication system which includes a local unit such as a cordless telephone handset and a remote unit. The apparatus generates an encrypted confirmation in the local unit in response to an inquiry received from the remote unit. The apparatus comprises receiving means for receiving the inquiry; memory means for storing a scrambled encryption key; descrambling means operatively coupled with the memory means for receiving the scrambled encryption key and for descrambling the scrambled encryption key responsive to a first predetermined digital code to produce a descrambled encryption key; and encryption means for generating an encrypted confirmation in response to the inquiry, the encrypted confirmation being encrypted using the descrambled encryption key. The invention further includes a code means such as a fuse bank for establishing the first predetermined digital code.

BACKGROUND OF THE INVENTION

The present invention relates to a method and apparatus for protectingcordless telephone account authentication information. Moreparticularly, the present invention relates to an apparatus and methodfor use in a telecommunication system including a local unit and aremote unit wherein the local unit generates an encrypted confirmationresponsive to an inquiry received from the remote unit, using accountauthentication information as an encryption key.

Wireless telephony systems have become increasingly common. In suchsystems, a subscriber uses a local unit or handset to communicate viaradio frequency transmissions with a remote unit, thereby accessing thestandard telephone network. Such wireless systems include cellulartelephone systems in NorthAmerica and cordless or CT2 systems in Europeand Asia.

Each handset capable of communicating with the remote unit is providedwith a unique network identity. This unique identity is used forlimiting access to the network to authorized subscribers. This uniqueidentity is also used for subscriber billing and recordkeeping. Thus,the unique identity may be considered to be an account number.

Since access to the wireless telephone network is limited to authorizedsubscribers, and since the account number is used for billing calls madeover the network, there is a substantial need for maintaining thesecrecy of the account number. While the account number is unique to agiven handset, the account numbers are portable in that a valid accountnumber may be used with any handset. However, the handset must beprogrammed with the account number.

When a communication such as a telephone call is initiated between thehandset and the remote unit, the remote unit transmits a challenge tothe handset. This challenge may be in the form of a 32-bit digitalrandom number. The handset has been pre-programmed with the accountnumber and thus stores internally the account number. Upon receiving thetransmitted challenge, the handset encrypts a confirmation or responseusing the stored account number. The confirmation is encrypted in orderto maintain secrecy of the account number. A transmitted, unencrypted,confirmation including the account number could be received by anunauthorized party and a different handset programmed with the accountnumber, allowing fraudulent use of the account number.

For example, in the CT2 system, the handset may store a 64-bit digitalaccount number. The handset encrypts the 64-bit account number using theproprietary encryption function "F", using the challenge as theencryption key to produce a 32-bit encrypted confirmation. The handsetthen transmits the encrypted confirmation to the remote unit. The remoteunit compares the received ciphered key with an expected value for theciphered key. If the values match, the handset and account number areconsidered to be authorized for the communication transaction toproceed.

The unique account number is stored within the handset at the time thehandset is provided to the subscriber and the account is opened betweenthe subscriber and the operator of the wireless telephone network.Therefore, the apparatus which stores the account number must be readilyprogrammable. Moreover, because account numbers may change, theapparatus which stores the account number must be capable of beingreprogrammed. Further, as a consumer product, the handset is extremelycost-sensitive. Therefore, it is important that the apparatus forstoring the account number and generating the encrypted response beinexpensive.

To reduce the risk of fraud, the account number is preferably storedwithin a semiconductor device, such as an integrated circuit. To preventtheft of the account number, the account number is never made availableat the output pins of the integrated circuit. In operation, the externaloutputs, such as the pins of the integrated circuit, are electricallyisolated to prevent disclosure of the stored account number. If thestored digital account number was ever available at the inputs andoutputs of the integrated circuit, the account number would be availablefor copying and use in another handset.

Prior art techniques of protecting account number information storedwithin a handset have used non-volatile memory for programming theaccount number. When a subscriber registers for service with thewireless network operator, the account number has been stored in thenon-volatile memory and the memory placed within the handset. Thenon-volatile memory device operates in conjunction with logic circuitryin encrypting the confirmation in response to a received challenge. Inprior art devices, the non-volatile memory device and the logiccircuitry have been combined in a single integrated circuit. When theaccount number is communicated from the non-volatile memory to the logiccircuitry, the external output pins have been electrically isolated toprevent external disclosure of the account number.

However, combining non-volatile memory, such as EEPROM or Flash EPROMtechnology, on the same integrated circuit as logic circuitry, such asin a microcontroller, is very expensive. The semiconductor manufacturingprocesses capable of providing EEPROM and Flash EPROM are expensiverelative to semiconductor manufacturing processes capable of providinglogic circuitry only. Also, where the non-volatile memory device and theassociated logic circuitry are combined in a single microcontroller,yield reductions due to non-volatile memory programming failures cangreatly increase the expense of the finished device. Accordingly, thereis a need in the art for an apparatus for generating an encryptedconfirmation in a handset which utilizes integrated circuit deviceswhich do not require both non-volatile and logic fabrication processes.

An alternative to the prior art technique of storing an account numberin non-volatile memory located in the same integrated circuit device ascontrol logic is storing the account number in a separate non-volatilememory integrated circuit device. In this technique, during the processof encrypting a confirmation in response to a received challenge, thestored account number is communicated from the non-volatile memorydevice to the control circuit. However, during the time when the storedaccount number is communicated from one integrated circuit device toanother, it is susceptible to copying for fraudulent purposes.

Accordingly, there is a need in the art for an apparatus and a methodfor generating an encrypted confirmation which does not use anon-volatile memory fabrication process, yet which does not expose thestored account number for copying.

SUMMARY OF THE INVENTION

The present invention provides an apparatus for use in atelecommunication system, the telecommunication system including a localunit and a remote unit, the apparatus generating an encryptedconfirmation in the local unit responsive to an inquiry received fromthe remote unit. The apparatus includes receiving means for receivingthe inquiry; memory means for storing a scrambled encryption key;descrambling means operatively coupled with the memory means forreceiving the scrambled encryption key from the memory means and fordescrambling the scrambled encryption key responsive to a firstpredetermined digital code to produce a descrambled key; code meansoperatively coupled with the descrambling means for establishing thefirst predetermined digital code; encryption means for generating anencrypted confirmation in response to the inquiry, the encryptedconfirmation being encrypted using the descrambled encryption key, theencryption means being operatively coupled with the receiving means forreceiving the inquiry and the encryption means being operatively coupledwith the descrambling means for receiving the descrambled encryptionkey; and transmitting means operatively coupled with the encryptionmeans for receiving the encrypted confirmation from the encrypted meansand transmitting said encrypted confirmation.

The invention further provides a method for use in a telecommunicationsystem, the telecommunication system including a local unit and a remoteunit, the method being for generating an encrypted confirmation in thelocal unit responsive to an inquiry received from the remote unit. Themethod comprises the steps of providing memory means for storing ascrambled encryption key; receiving the inquiry from the remote unit;receiving the scrambled encryption key from the memory means;descrambling the scrambled encryption key responsive to a predetermineddigital code to produce a descrambled encryption key; generating theencrypted confirmation in response to the inquiry, the encryptedconfirmation being generated using at least a portion of the inquiry andthe descrambled encryption key; and transmitting the encryptedconfirmation.

It is, therefore, an advantage of the present invention to provideprotection against copying of a stored account number or encryption keywhile reducing overall system cost by providing an apparatus includingan integrated circuit which may be fabricated in an inexpensivesemiconductor manufacturing process for fabricating only logic devices,rather than a process for manufacturing both non-volatile memory devicesand logic circuitry.

A further advantage of the present invention is to allow an accountnumber or encryption key to be stored in a non-volatile memory deviceseparate from the logic control device of the local unit of atelecommunication system, while maintaining secrecy of the encryptionkey.

Yet a further advantage of the present invention is to allow informationincluding the stored account number or encryption key stored in thenon-volatile memory device to be scrambled so that even copying thecontents of the non-volatile memory device does not provide usefulaccount information.

Further advantages and features of the present invention will beapparent from the following specification and claims when considered inconnection with the accompanying drawings illustrating the preferredembodiment of the present invention.

DETAILED DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic block diagram of the preferred embodiment of theapparatus of the present invention.

FIG. 2 is a schematic block diagram showing operational features of aportion of the preferred embodiment of the apparatus of the presentinvention.

FIG. 3 is a flow diagram illustrating the preferred embodiment of themethod of the present invention.

For purposes of clarity and ease in understanding the present invention,like elements will be identified by like reference numerals in thevarious drawings.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 is a schematic block diagram of the preferred embodiment of thepresent invention. In FIG. 1, an apparatus 10 for generating anencrypted confirmation in a local unit responsive to an inquiry receivedfrom a remote unit in a telecommunication system is illustrated asincluding a controller 12, memory means 14, transceiver 16, programmemory 18, and input means 20.

The apparatus 10 may be used in a wireless phone system, such as a phonesystem having no cord connecting the phone receiver and a base unit, thebase unit being configured to receive telephone signals by wire or othermeans. In such a wireless telephone systems, the base unit communicatesusing radio frequency transmissions to one or more local units such as ahandset.

In a handset employing the apparatus 10, the transceiver 16 includes aport 22 for receiving radio frequency transmissions from the base unitand for transmitting radio frequency transmissions to the base unit. Theport 22 may be coupled to an antenna. The transceiver 16 receives radiofrequency transmissions at the port 22 and communicates the radiofrequency transmissions over a bus 24 to a port 26 of the controller 12.The controller 12 provides at port 26 radio frequency signals fortransmission by the transceiver 16 to the base unit. The signals fortransmission are conveyed from the port 26 over bus 24 to thetransceiver 16, which transmits radio frequency signals at port 22.

The controller 12 includes a radio frequency interface 28, a processingmeans 30, a random access memory 32, a read-only memory 34, a latchmeans 36, a parallel port 38, a serial port 40, and a fuse bank 42. Theprocessing means 30, the random access memory 32, the read-only memory34, and the latch means 36 are coupled by a common bus 44. The latchmeans 36 includes a control input 46 coupled to the microcontroller 30.Responsive to a signal received from the microcontroller 30 at controlinput 46, the latch 36 couples the common bus 44 to the parallel port38.

The processing means 30 includes a serial port means 48 forcommunicating data with the serial port 40. The memory means 14 iscoupled to the serial port 40. The memory means 14 is preferably anon-volatile memory device which may be reprogrammed by the controller30 but which retains stored data, such as an encryption key or accountnumber, when not supplied with electrical power for operation.

The controller 12 is preferably fabricated in a single integratedcircuit. The process for manufacturing the integrated circuit comprisingthe controller circuit need not, but may, be capable of producingnon-volatile memory devices.

In accordance with the present invention, the processing means 30operates responsive to program instructions for controlling theapparatus 10. The program instructions and the data for operation may bestored in random access memory 32, read-only memory 34, and programmemory 18. Thus, the bus 44 forms a bus means for communicating theprogram instructions and the stored data.

The read-only memory 34 includes a first plurality of programinstructions designated in FIG. 1 as descrambling means 50. Theread-only memory 34 further includes a second plurality of programinstructions designated encryption means 52 and a third plurality ofprogram instructions designated scrambling means 54. Operation ofprocessing means 30 in conjunction with the program instructions formingdescrambling means 50, encryption means 52 and scrambling means 54 willbe discussed below. The program instructions forming descrambling means50, encryption means 52 and scrambling means 54 are preferably providedduring fabrication of controller 12, as where read-only memory 34 is aone-time-programmable memory or mask programmable memory.

In accordance with the present invention, the apparatus 10 receives aninquiry from a remote unit of the telecommunication system. The inquiryis received by radio frequency transceiver 16 at port 22. The inquiry isconveyed over bus 24 to controller 12, where the inquiry is provided toradio frequency interface 28 for conversion to digital signals. Thedigital signals forming the inquiry are conveyed to the processing means30 and stored in random access memory 32.

For performing operations other than those operations controlled by theprogram instructions forming descrambling means 50, encryption means 52and scrambling means 54, processing means 30 preferably operatesresponsive to program instructions located in program memory 18. Whenoperations controlled by the descrambling means 50, the encryption means52 and the scrambling means 54 are to be performed, program control istransferred to the appropriate location in read-only memory 34. Whenexecution of the appropriate program instructions in read-only memory 34is completed, program control is transferred back to the programinstructions in the program memory 18. Thus, the program memory 18 maycontain program instructions customized to the particular subscriber orhandset. The read-only memory 34 may contain proprietary programinstructions for performing the descrambling, encryption and scramblingfunctions.

After receipt of a challenge by the apparatus 10, the processing means30 operates responsive to the program instructions forming thedescrambling means 50. The processing means retrieves from the memorymeans 14 through serial port 40 the preprogrammed scrambled encryptionkey. The processing means 30 descrambles the scrambled encryption key inresponse to a predetermined digital code established by the fuse bank 42to produce a descrambled encryption key which is stored in random accessmemory 32.

After the scrambled encryption key has been descrambled, the processingmeans 30 further operates responsive to the program instructions formingthe encryption means 52. The processing means 30 retrieves thedescrambled encryption key and the inquiry stored in random accessmemory 32. The processing means 30 generates an encrypted confirmationin response to the inquiry, using the descrambled encryption key. Theencryption means may implement the proprietary, industry standard "F"encryption algorithm.

The processing means 30 conveys the encrypted confirmation to the radiofrequency interface for conversion to radio frequency signals. The radiofrequency signals are conveyed from the controller 12 to the transceiver16 for transmission to the remote unit.

The input means 20 is provided for conveying the encryption key to thecontroller 12 during initial programming of the local unit. When asubscriber initiates service, the encryption key, which may be in theform of an account number, is provided to the input means. Thus, theinput means receives a clear encryption key, which is not scrambled, atthe time of programming. The input means may be an external port forcoupling the handset including the apparatus 10 to a programming devicefor programming the handset with the account number or encryption key.

The input means 20 conveys the clear encryption key to port 38, and theclear encryption key is conveyed over bus 44 to the processing means 30.In response to the plurality of program instructions forming thescrambling means 54 stored in the read-only memory 34, the processingmeans 30 scrambles the clear encryption key to produce a scrambledencryption key. The scrambled encryption key is conveyed by serial portmeans 48 to the serial port 40 for storage in the memory means 14. Thus,the second plurality of program instructions 54 forms a scrambling meansfor receiving the clear encryption key and scrambling the clearencryption key responsive to a second predetermined digital code togenerate the scrambled encryption key.

It is an advantage of the present invention that once the scrambledencryption key has been stored in the memory means 14 during initialprogramming, the encryption key is never available in descrambled orclear form at external outputs of the controller 12, such as parallelport 38. It is a further advantage of the present invention that theprogram instructions which form the descrambling means 50, theencryption means 52 and the scrambling means 54 are never available atexternal outputs of the controller 12. In accordance with the presentinvention, whenever the common bus 44 communicates the scrambledencryption key or the program instructions forming the descramblingmeans 50, the encryption means 52 or the scrambling means 54, the latchmeans 36 decouples the common bus 44 from the parallel port 38. In thismanner, program instructions and data such as the descrambled encryptionkey which are communicated on the common bus 44 are not available atexternal outputs of the controller 12.

It is a further key advantage of the present invention that thescrambled encryption key stored in the memory means 14 is maintained inscrambled form. Since the encryption key is scrambled, copying thecontents of the memory means 14 does not provide useful accountinformation. The scrambled encryption key stored in the memory means 14can only be descrambled to produce a descrambled encryption key inresponse to the first predetermined digital code established by the fusebank 42.

The fuse bank 42 preferably comprises a plurality of fuses programmed atthe time of fabrication of the controller 12. As is known in the art,the fuses which form the fuse bank 42 may comprise regions oflow-resistance conductor such as metal or polysilicon. At the time ofprogramming, a predetermined, unique, combination of fuses is programmedby converting the fuses from a low-resistance state to a high-resistancestate. The programmed fuses establish a code of, for example 32 bits,permitting up to 2³² possible predetermined digital codes for producingthe descrambled encryption key by the scrambling means. Because of thelarge number of possible codes, the predetermined digital code isvirtually unique.

In accordance with the present invention, the descrambling means 50 andthe scrambling means 54 preferably operate responsive to the samepredetermined digital code established by the fuse bank 42. Use of thesame predetermined digital code as both a scrambling and a descramblingkey for the encryption key allows the descrambling and scramblingfunctions to operate transparently. That is, the actual value of the keyis arbitrary and need not be disclosed. Thus, the predetermined digitalcode may be programmed once at the initial manufacturing stage and neednever be made available external to the controller 12.

Referring now to FIG. 2, it is a schematic block diagram showingoperational features of the preferred embodiment of the presentinvention. FIG. 2 illustrates the controller 12 coupled to the memorymeans 14 at serial port 40. The processing means 30 is coupled to theserial port 40 by serial port means 48. The processing means 30 isoperatively coupled with the random access memory 32. The processingmeans 30 is further operatively coupled with scrambling means 54,descrambling means 50, and authentication means 52, which may be programinstructions contained in memory such as read-only memory 34 (FIG. 1).The fuse bank 42 is operatively coupled with the scrambling means 54 andthe descrambling means 50.

In operation, the processing means 30 operates responsive to storedprogram instructions to move a scrambled encryption key from the memorymeans 14 to a predetermined location 56 in the random access memory 32.Responsive to program instructions forming descrambling means 50, theprocessing means 30 provides a signal to the control input 46 of thelatch means 36 (FIG. 1) to decouple the common bus 44 from the outputport 38. Thus, all bus transactions involving the common bus 44 are notexternally visible during operation of the program instructions formingthe descrambling means 50. The descrambling means 50 converts thescrambled encryption key to a descrambled encryption key, using thepredetermined digital code established by the fuse bank 42 as adescrambling key.

The descrambled encryption key is provided to the encryption means 52.The encryption means 52 receives the challenge transmitted by the remoteunit to the local unit or handset and which has been stored in therandom access memory 32 at a predetermined location 58. The encryptionmeans 52 encrypts the challenge with the descrambled encryption key andstores the result as an encrypted confirmation in the random accessmemory at a predetermined storage location 60.

In accordance with the present invention, the authentication algorithmmay not apply to all data types to be stored in the memory means 14. Forexample, initiation of wireless telephony service may requiretransmission of a handset identification code or a manufactureridentification code, or both, from the handset to the remote unit. Theseidentification codes may be stored in scrambled form in memory means 14to protect their secrecy, along with the scrambled encryption key.However, these identification codes may be transmitted withoutencryption. Thus, two paths are illustrated in FIG. 2. A first path 66indicates flow of data such as the encryption key from the descramblingmeans 50 to the encryption means 52. A second, bypass path 68 indicatesflow of data such as the handset identification code and themanufacturing code from the descrambling means 50 directly to storage inthe random access memory 32. The handset identification code and themanufacturer identification code may be provided to the apparatus 10 bythe input means 20 (FIG. 1), scrambled by the scrambling means 54, andstored in the memory means 14 in the same manner as the clear encryptionkey.

The program instructions forming the scrambling means 54 are used forscrambling of the account number or encryption key during initialprogramming of the controller 12. In operation, the processing meansstores in a predetermined location 62 the clear encryption key receivedfrom input means 20 over common bus 44. Responsive to programinstructions forming scrambling means 54, the processing means conveys acontrol signal to the control input 46 of the latch means 36 (FIG. 1),decoupling the common bus 44 from the output port 38. Thus, all bustransactions involving common bus 44 during execution of the programinstructions forming scrambling means 54 are not externally visible. Thescrambling means 54 scrambles the clear encryption key responsive to asecond predetermined digital code established by the fuse bank 42. Thescrambling means produces a scrambled encryption key and stores thescrambled encryption key in a predetermined location 64 in random accessmemory 32. Responsive to program instructions forming the scramblingmeans 54, the processing means 30 sends a control signal to the controlinput 46 of the latch means 36 to couple to control bus 44 to the output38. The processing means 30 then reads the scrambled encryption keystored at location 64 in random access memory 32 and conveys thescrambled encryption key to serial port 40 for storage in memory means14.

FIG. 3 is a flow diagram illustrating the preferred embodiment of themethod of the present invention. FIGS. 3 illustrates a method for use ina telecommunication system which includes a local unit and a remoteunit, such as a wireless telephony system. The method illustrated inFIG. 3 is for generating an encrypted confirmation in the local unit,such as a handset, responsive to an inquiry received from the remoteunit.

The method begins at step 100, in which the local unit receives theinquiry from the remote unit. The inquiry may be in the form of achallenge, a multiple-bit digital code transmitted by the remote unitand requiring a response from the local unit for authentication andcontinued communication.

The method continues at step 102, in which the local unit receives ascrambled encryption key which is stored in a memory means. Thescrambled encryption key may be a second multiple-bit digital code whichhas been scrambled according to any descrambling algorithm known in theart. The scrambled encryption key may be an account number unique to thelocal unit or handset, which has been preassigned to the subscriber oroperator of the handset. Such an account number may uniquely identifythe subscriber and the handset for purposes of authenticating the use ofthe handset with the remote unit and for purposes of billing thesubscriber for telephony services.

The method continues at step 104, in which the encryption key isdescrambled. As noted, descrambling preferably occurs in accordance withany known scrambling and descrambling algorithm. In accordance with thepresent invention, a predetermined digital code serves as thedescrambling key to produce a descrambled encryption key.

The method continues at step 106, in which the encrypted confirmation isgenerated. The encrypted confirmation may be in the form of an encryptedresponse to be transmitted from the local unit or handset to the remoteunit for authorizing continued communication between the local unit andthe remote unit. Preferably, in accordance with the present invention,the encrypted confirmation is generated using at least a portion of thereceived inquiry and the descrambled encryption key. The methodcontinues at step 108 in which the encrypted confirmation is transmittedto the remote unit.

In accordance with the present invention, the method may further includethe step of providing code means for establishing the predetermineddigital code. Such code means may be in the form of a fuse bank or groupof fuses configured for generating the predetermined digital code. Thefuses may be blown or programmed during fabrication to generate thepredetermined digital code during operation.

Further in accordance with the present invention, the method may furthercomprise the steps of receiving a clear encryption key, scrambling theclear encryption key to produce the scrambled encryption key, andstoring the scrambled encryption key in the memory means prior toreceiving the inquiry. The clear encryption key may be an account numberuniquely assigned to the subscriber or the local unit or handset. Whenan account for wireless telephony services is initiated by thesubscriber, the local unit or handset may be programmed with the clearencryption key. Programming, in accordance with the present invention,includes scrambling the clear encryption key to produce the scrambledencryption key and storing the scrambled encryption key in the memorymeans, such as a non-volatile memory device. Preferably, the clearencryption key is scrambled in response to the predetermined digitalcode used for descrambling the scrambled encryption key.

Still further in accordance with the present invention, the scramblingand descrambling steps may occur in a first integrated circuit, thememory means being provided in a second integrated circuit coupled tothe first integrated circuit. The method may further comprise the stepof providing within the first integrated circuit a bus means forcommunicating the scrambled encryption key and the clear encryption key,and output means, such as bonding pads or package pins, for coupling thebus means to the memory means. Further in accordance with the presentinvention, the method may further include the step of decoupling theoutput means from the bus means when the scrambled encryption key isdescrambled. Thus, whenever the clear or descrambled encryption key iscommunicated on the bus means within the first integrated circuit, thebus means is decoupled from the output means, assuring that thedescrambled or clear encryption key remains secret and is neverdisclosed outside the first integrated circuit. Since only the scrambledencryption key is stored in the memory means, copying the memory meansincluding the stored scrambled encryption key is useless and does notallow fraudulent use of the encryption key or account number. Further,since the scrambled encryption key may be descrambled only in accordancewith the predetermined digital code, the encryption key for initiatingwireless telephony services is secure against copying.

As can be seen from the foregoing, the present invention provides anapparatus and method for detecting cordless telephone accountauthentication information, such as an account number. The accountnumber is preferably scrambled by a logic circuit contained in a firstintegrated circuit fabricated using a relatively inexpensivesemiconductor fabrication process for logic circuits. The scrambledencryption key is then preferably stored by the logic circuit in anassociated non-volatile memory device. Thus, the present inventionprovides significant cost advantages over prior art account numberprotection apparatus, which combine logic circuitry and non-volatilememory on a single integrated circuit, requiring a relatively expensivesemiconductor fabrication process.

The stored, scrambled encryption key is retrieved from the non-volatilememory device in response to a received inquiry, such as a challengefrom a remote unit in a wireless telephony system. The scrambledencryption key is descrambled in accordance with a predetermined digitalcode and used to encrypt a confirmation or response. The predetermineddigital code is preferably generated by a fuse bank or group of fusesconfigured at the time of fabrication for generating a multiple-bitdigital code. Where a large number of fuses are used, a large number ofpossible digital codes can be generated. Thus, the predetermined digitalcode necessary for descrambling the scrambled encryption key isvirtually unique. Since the scrambled encryption key can only bedescrambled in response to the predetermined digital code, a high levelof security for the encryption key or account number is provided.

It is to be understood that, while the detailed drawings and specificexamples given describe preferred embodiments of the invention, they arefor the purpose of illustration, that the apparatus of the invention isnot limited to the precise details and conditions disclosed and thatvarious changes may be made therein without departing from the spirit ofthe invention which is defined by the following claims:

What is claimed is:
 1. An apparatus for use in a telecommunicationsystem, said telecommunication system including a local unit and aremote unit, the apparatus generating an encrypted confirmation in saidlocal unit responsive to an inquiry received from said remote unit; theapparatus comprising:receiving means for receiving said inquiry; memorymeans for storing a scrambled encryption key; descrambling meansoperatively coupled with said memory means for receiving said scrambledencryption key from said memory means and for descrambling saidscrambled encryption key responsive to a first predetermined digitalcode to produce a descrambled encryption key; code means operativelycoupled with said descrambling means for establishing said firstpredetermined digital code; encryption means for generating an encryptedconfirmation in response to said inquiry, said encrypted confirmationbeing encrypted using said descrambled encryption key, said encryptionmeans being operatively coupled with said receiving means for receivingsaid inquiry and said encryption means being operatively coupled withsaid descrambling means for receiving said descrambled encryption key;and transmitting means operatively coupled with said encryption meansfor receiving said encrypted confirmation from said encryption means andtransmitting said encrypted confirmation.
 2. An apparatus forconfirmation as recited in claim 1 wherein the apparatus use in atelecommunication system, said telecommunication system including alocal unit and a remote unit, the apparatus generating an encryptedconfirmation in said local unit responsive to an inquiry received fromsaid remote unit; the apparatus comprising:receiving means for receivingsaid inquiry; memory means for storing a scramble encryption key;descrambling means operatively coupled with said memory means forreceiving said scrambled encryption key from said memory means and fordescrambling said scrambled encryption key responsive to a firstpredetermined digital code to produce a descrambled encryption key; codemeans operatively coupled with said descrambling means for establishingsaid first predetermined digital code; encryption means for generatingsaid encrypted confirmation in response to said inquiry, said encryptedconfirmation being encrypted using said descrambled encryption key, saidencryption means being operatively coupled with said receiving means forreceiving said inquiry and said encryption means being operativelycoupled with said descrambling means for receiving said descrambledencryption key; transmitting means operatively coupled with saidencryption means for receiving said encrypted confirmation from saidencryption means and transmitting said encrypted confirmation; inputmeans for receiving a clear encryption key; and scrambling meansoperatively coupled with said input means for receiving said clearencryption key from said input means, said scrambling means scramblingsaid clear encryption key responsive to a second predetermined digitalcode to generate said scrambled encryption key and wherein saidscrambling means is operatively coupled with said memory means forstoring said scrambled encryption key in said memory means.
 3. Anapparatus for generating an encrypted confirmation as recited in claim 2wherein said code means establishes said second predetermined digitalcode.
 4. An apparatus for generating an encrypted confirmation asrecited in claim 3 wherein said first predetermined digital code is thesame as said second predetermined digital code.
 5. An apparatus forgenerating an encrypted confirmation as recited in claim 3 wherein theapparatus further comprises storage means for storing scrambled data fortransmission, said descrambling means being operatively coupled withsaid storage means for receiving said scrambled data and fordescrambling said scrambled data to generate descrambled data, andwherein said descrambling means is operatively coupled with saidtransmitting means for conveying said descrambled data to saidtransmitting means and wherein said transmitting means transmits saiddescrambled data.
 6. An apparatus for generating an encryptedconfirmation as recited in claim 5 wherein said input means receivesclear data and wherein said scrambling means receives said clear datafrom said input means and scrambles said clear data responsive to saidsecond predetermined digital code to generate said scrambled data, andwherein said scrambling means is operatively coupled with said storagemeans, said scrambling means storing said scrambled data in said storagemeans.
 7. An apparatus for generating an encrypted confirmation asrecited in claim 6 wherein said telecommunication system comprises awireless telephony system and said clear encryption key comprises anaccount number.
 8. An apparatus for generating an encrypted confirmationas recited in claim 2 wherein the apparatus further comprises processingmeans for executing program instructions for controlling said local unitand program memory means coupled with said processing means for storinga predetermined number of said program instructions.
 9. An apparatus forgenerating an encrypted confirmation as recited in claim 8 wherein saiddescrambling means comprises a first plurality of program instructionsof said predetermined number of program instructions and said scramblingmeans comprises a second plurality or program instructions of saidpredetermined number of program instructions.
 10. An apparatus forgenerating an encrypted confirmation as recited in claim 9 wherein saidprocessing means and said program memory means are coupled by a busmeans for communicating said program instructions and said descrambledencryption key.
 11. An apparatus for generating an encryptedconfirmation as recited in claim 10 wherein said processing means, saidprogram memory means and said bus means are integrated in a singleintegrated circuit, said single integrated circuit having output meanscoupled with said bus means for coupling said common bus with saidmemory means.
 12. An apparatus for generating an encrypted confirmationas recited in claim 11 wherein said processing means includes a controloutput and wherein the apparatus further comprises latch means coupledintermediate said bus means and said output means, said latch meanshaving a control input coupled with said control output, said processingmeans providing a control signal to said latch means for selectivelydecoupling said common bus from said output means responsive to saidcontrol signal.
 13. An apparatus for generating an encryptedconfirmation as recited in claim 12 wherein said processing meansprovides said control signal to said latch means for decoupling saidoutput means from said common bus when said common bus communicates saiddescrambled encryption key.
 14. An apparatus for generating an encryptedconfirmation as recited in claim 12 wherein said processing meansprovides said control signal to said latch means for decoupling saidoutput means from said common bus when said processing means executessaid first plurality of program instructions.
 15. An apparatus forgenerating an encrypted confirmation as recited in claim 14 wherein saidcode means comprises a programmable digital encoder for producing amultiple-bit digital signal.
 16. An apparatus for generating anencrypted confirmation as recited in claim 15 wherein said programmabledigital encoder comprises a fuse bank.
 17. A method for use in atelecommunication system, said telecommunication system including alocal unit and a remote unit, the method being for generating anencrypted confirmation in said local unit responsive to an inquiryreceived from said remote unit, the method comprising the stepsof:providing memory means for storing a scrambled encryption key;receiving said inquiry from said remote unit; receiving said scrambledencryption key from said memory means; descrambling said scrambledencryption key responsive to a predetermined digital code to produce adescrambled encryption key; generating said encrypted confirmation inresponse to said inquiry, said encrypted confirmation being generatedusing at least a portion of said inquiry and said descrambled encryptionkey; and transmitting said encrypted confirmation.
 18. A method for usein a telecommunication system, said telecommunication system including alocal unit and a remote unit, the method being for generating anencrypted confirmation in said local unit responsive to an inquiryreceived from said remote unit, the method comprising the stepsof:providing memory means for storing a scrambled encryption key;receiving said inquiry from said remote unit; receiving said scrambledencryption key from said memory means; descrambling said scrambledencryption key responsive to a predetermined digital code to produce adescrambled encryption key; generating said encrypted confirmation inresponse to said inquiry, said encrypted confirmation being generatedusing at least a portion of said inquiry and said descrambled encryptionkey; transmitting said encrypted confirmation; and providing code meansfor establishing said predetermined digital code, wherein said scrambledencryption key is descrambled responsive to said predetermined digitalcode.
 19. A method for generating an encrypted confirmation as recitedin claim 18 wherein the method further comprises the steps of receivinga clear encryption key, scrambling said clear encryption key to producesaid scrambled encryption key and storing said scrambled encryption keyin said memory means prior to receiving said inquiry.
 20. A method forgenerating an encrypted confirmation as recited in claim 19 wherein saidclear encryption key is scrambled in response to said predetermineddigital code.
 21. A method for generating an encrypted confirmation asrecited in claim 19 wherein said clear encryption key is scrambled in afirst integrated circuit, said scrambled encryption key is descrambledin said first integrated circuit, said memory means is provided in asecond integrated circuit, and wherein the method further comprises thestep of providing within said first integrated circuit bus means forcommunicating said scrambled encryption key and said clear encryptionkey and output means for coupling said bus means to said memory means.22. A method for generating an encrypted confirmation as recited inclaim 21 wherein the method further comprises the step of decouplingsaid output means from said bus means when said scrambled encryption keyis descrambled.
 23. A method for generating an encrypted confirmation asrecited in claim 21 wherein the method further comprises the step ofdecoupling said output means from said bus means when said bus meanscommunicates said descrambled encryption key.